Merge "(zuul) Add a bandit scanning gate"

This commit is contained in:
Zuul 2018-06-01 20:41:24 +00:00 committed by Gerrit Code Review
commit c34297c5ee
3 changed files with 44 additions and 5 deletions

View File

@ -18,6 +18,7 @@
voting: false
- airship-shipyard-tox-py35
- airship-shipyard-pep8
- airship-shipyard-security-bandit
- airship-shipyard-image
gate:
jobs:
@ -30,14 +31,21 @@
# - ^releasenotes/.*$
- airship-shipyard-tox-py35
- airship-shipyard-pep8
- airship-shipyard-security-bandit
- airship-shipyard-image
- nodeset:
name: airship-shipyard-single-node
nodes:
- name: primary
label: ubuntu-xenial
- job:
name: airship-shipyard-linter
description: |
Lints all files by checking them for whitespace.
run: tools/gate/playbooks/zuul-linter.yaml
nodeset: openstack-helm-single-node
nodeset: airship-shipyard-single-node
- job:
name: airship-shipyard-base
@ -63,7 +71,7 @@
- job:
name: airship-shipyard-ubuntu
parent: airship-shipyard-base
nodeset: openstack-helm-single-node
nodeset: airship-shipyard-single-node
- job:
name: airship-shipyard-tox-base
@ -90,7 +98,7 @@
Run tox-based tests for the Airship Shipyard project under
cPython version 3.5.
parent: airship-shipyard-tox-base
nodeset: openstack-helm-single-node
nodeset: airship-shipyard-single-node
vars:
tox_envlist: py35
@ -100,10 +108,17 @@
Run pep8 tests for the Airship Shipyard project under
cPython version 3.5.
parent: airship-shipyard-tox-base
nodeset: openstack-helm-single-node
nodeset: airship-shipyard-single-node
vars:
tox_envlist: pep8
- job:
name: airship-shipyard-security-bandit
description: |
Run bandit code scans for the Airship Shipyard project
run: tools/gate/playbooks/security-bandit.yaml
nodeset: airship-shipyard-single-node
- job:
name: airship-shipyard-image-base
description: |
@ -127,4 +142,4 @@
description: |
Run shipyard-image build.
parent: airship-shipyard-image-base
nodeset: openstack-helm-single-node
nodeset: airship-shipyard-single-node

View File

@ -57,6 +57,10 @@ dry-run: clean
.PHONY: docs
docs: clean build_docs
.PHONY: security
security:
cd $(BUILD_CTX)/shipyard_airflow; tox -e bandit
cd $(BUILD_CTX)/shipyard_client; tox -e bandit
.PHONY: tests
tests:

View File

@ -0,0 +1,20 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: primary
tasks:
- name: Execute the make target for security scanning
make:
chdir: "{{ zuul.project.src_dir }}"
target: security
register: result
failed_when: result.failed